To subscribe to the full report on a daily basis:
Send an e-mail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the single word "subscribe" in the body.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an e-mail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

11. July 31, Associated Press – (Michigan) 150 sickened after eating at Holland area
restaurant. State health officials on the west side of Michigan said the
number of people reporting illness after eating at a restaurant in Holland
reached 150, the Associated Press reported July 31. The Health Department said
Margarita’s Mexican Restaurant voluntarily shut down after officials started
investigating July 26. The department launched its probe after getting reports
of 10 illnesses. Health officials hoped to get results from lab tests the week
of July 30. Source: http://detroit.cbslocal.com/2012/07/31/150-sickened-after-eating-at-holland-area-restaurant/

• The ongoing drought could be to blame for
about nine water main breaks in July that required Bloomington, Illinois, to
send water to Towanda and Hudson the week of July 23. – Bloomington-Normal
Pantagraph

20. July 30, Bloomington-Normal Pantagraph – (Illinois) Drought blamed
for water main breaks. The ongoing drought could be to blame for an uptick
in water main breaks in July that required Bloomington, Illinois, to send
Normal water to Towanda and Hudson the week of July 23. The city saw about nine
water main breaks in July which the water director said was high compared to
the one break in July 2011, two breaks in July 2010, and four breaks in July
2009. “We think some of the breaks we have this month is because of too dry
soil,” he said. The drying soil shrinks, compacting and causing the pipes to
break. He said the city cannot positively attribute any water main breaks to
the drought but in several cases there appears to be no other reason. Normal
also repaired 6 broken water mains in July. That is only slightly above the
four or five the department typically has in an average July. Bloomington’s water
supply comes from two lakes, which are more vulnerable during a drought than
Normal’s underground supply. The lakes — Evergreen and Lake Bloomington — were
a combined 6.2 feet below average July 30. Voluntary water use restrictions are
not triggered until lake levels are 8 feet below normal, which is not expected
until September. Source: http://www.pantagraph.com/news/local/dought-blamed-for-water-main-breaks/article_a5f7b1f6-daab-11e1-b12e-0019bb2963f4.html

• A cryptography specialist released tools for
cracking passwords in wireless and virtual private networks that use a popular
encryption protocol based on an algorithm from Microsoft. The tools were
released at the Def Con conference July 28. – CNET (see item 36 below in the Information Technology Sector)

• Some 700 people were evacuated from a Walmart
in Secaucus, New Jersey, after a bomb threat was phoned in July 30, authorities
said. The threat was one of 12 that were recently phoned in to Walmart stores
across the country. – Jersey Journal

38. July 31, Jersey Journal – (New Jersey; Missouri; Kansas) 700 people evacuated from Mill
Creek Mall Walmart in latest of 12 bomb threats plaguing its chain stores. Some
700 people were evacuated from the Walmart at the Mill Creek Mall in Secaucus,
New Jersey, July 30 after a bomb threat was phoned in, authorities said. The
building was cordoned off to the public as police used bomb-sniffing dogs to
conduct an extensive search of the 100,000-square-foot facility. No explosive
devices were found. The threat was one of 12 that have recently been phoned in
to Walmarts across the nation. The Hudson County sheriff said someone called
the manager’s office in the Walmart that afternoon and said an explosive device
was going to go off. The store notified Secaucus police who called the
sheriff’s office. Trailers in the vicinity of the store were also searched,
police said. The Secaucus scare came after 11 bomb threats, 8 in Missouri and 3
in Kansas, that were phoned in over the July 28 weekend. Police in Missouri said
July 30 they had a telephone number they believed all the threats in the
Midwest originated from and their investigation was very active. Source: http://www.nj.com/jjournal-news/index.ssf/2012/07/700_people_evacuated_from_mill.html

Details

Banking and Finance Sector

6. July 30, Riverside Press-Enterprise –
(California) Bank robber ‘Plain Jane Bandit’ strikes again. The “Plain
Jane Bandit,” suspected in the robbery of six banks in southern California,
struck again in Downey, California, July 30. The unidentified woman robbed a
Bank of America, according to the FBI. She is being sought for the robberies of
two Moreno Valley banks and one robbery each in Wildomar, Santa Fe Springs,
Whittier, and Buena Park. Source: http://www.pe.com/local-news/local-news-headlines/20120730-region-bank-robber-plain-jane-bandit-strikes-again.ece

7. July 30, U.S. Department of Justice – (New York) Two Queens attorneys convicted of mortgage fraud. A federal jury
in New York City returned a verdict July 30 convicting 2 attorneys on 10 felony
counts for participating in a mortgage fraud scheme that resulted in over $25 million
in fraudulently obtained loans from Countrywide Financial, Fremont Investment
and Loan, IndyMac Bank, Sun Trust Mortgage, Inc., Wells Fargo & Company,
and New Century Mortgage Corporation. From January 2006 to September 2008, the
defendants, partners at a law firm, worked as attorneys at real estate closings
for fraudulent home sales. The defendants worked with co-conspirator real
estate agents and loan officers to falsify loan documents in order to induce
banks to give mortgage loans for properties located in Queens, Brooklyn, and
Long Island. Many of the properties were purchased by “straw buyers” who had
been recruited by the co-conspirator real estate agents and loan officers to
purchase the properties. In many instances the straw buyers subsequently failed
to make mortgage payments to the lending institutions, and as a result millions
of dollars of loans entered default. The defendants profited by paying
themselves attorneys’ fees from the mortgage loan proceeds. Source: http://www.justice.gov/usao/nye/pr/2012/2012jul30.html

8. July 30, Staten Island Advance – (New York) No bail for suspect in spree of daily bank robberies, including Staten Island
heist. The alleged 1-a-day bank bandit, who authorities said started a
5-day robbery spree in New York City’s Staten Island the week of July 23, was
held without bail July 30 after his arrest. The man was suspected in five
robberies over the course of a week. He was suspected of robbing a Northfield
Bank branch July 22 and then of robbing the same Chase branch in Williamsburg,
Brooklyn, July 23 and July 24. He then allegedly robbed a Citibank branch in
Ridgewood, Queens, July 25. On July 26, he was suspected in two incidents in
Forest Hills, Queens. The first time, the teller turned him away, so he walked
down the block and robbed a second bank instead. Source: http://www.silive.com/news/index.ssf/2012/07/once-a-day_bank_bandit_who_sta.html

Information Technology Sector

30. July 31, Dark Reading – (International) Hiding SAP attacks in plain sight. As
some of the biggest processors of regulated data in any large organization,
business-critical applications like enterprise resource planning (ERP)
applications from SAP are well within the purview of compliance auditors and
malicious attackers. Many organizations believe that if these systems are set
behind firewalls, they are safely segmented enough to not require further
hardening. However, as one researcher demonstrated at Black Hat the week of
July 23, business-critical application servers never process data as an island,
and in those connections there are opportunities for attack by hiding malicious
packets within admissible ones. The technique, called server-side request
forgery (SSRF) and highlighted by the head of Russian firm ERPScan, makes it
possible to chain multiple attacks against SAP applications from the Internet
while bypassing firewalls, intrusion detection systems (IDS), and internal SAP
security configurations. Source: http://www.darkreading.com/database-security/167901020/security/news/240004610/

31. July 30, Agence France-Presse – (International) Hackers topple Huawei routers. Hackers at
the Def Con conference were shown how to easily gain access to computer
networks through some routers made by Chinese electronics manufacturer Huawei
Technologies. The chief of Recurity Labs and his teammate were troubled that
Huawei did not issue any security advisories about its routers to warn users to
take precautions. The chief referred to the routers studied by Recurity as
having technology reminiscent of the 1990s and said once attackers gain access,
they could potentially run amok in networks. Recurity did not examine “big
boxes,” large routers Huawei makes for businesses and telecom networks. Source:
http://www.google.com/hostednews/afp/article/ALeqM5jVXDPSv7MVxlJGRfmLa6XnyQK3xQ

32. July 30, The Verge – (International) New zero-day exploits in industrial software
channel the ghost of Microsoft Bob. A security researcher at the Def Con
conference revealed several new zero-day exploits in the supervisory control
and data acquisition (SCADA) systems used to interface with industrial
machinery. To illustrate these latest vulnerabilities, the researcher drew on
17-year-old software, Microsoft Bob. Bob may be long gone, but the researcher
showed the captive kiosk interface shares similarities with Human Machine
Interfaces (HMIs) — the software “control panels” for SCADA systems — and
demonstrated how they can be manipulated to allow unauthorized access. Source: http://www.theverge.com/2012/7/30/3200342/zero-day-scada-bugs-microsoft-bob-defcon

33. July 30, The H – (International) EFI rootkit for Macs demonstrated. At the
Black Hat conference, an Australian security expert demonstrated a rootkit
which is able to insert itself into a MacBook Air’s EFI firmware and bypass the
FileVault hard drive encryption system. Although the concept of an EFI rootkit
is not new, this was the first time it was demonstrated live and the hacker
used a previously unknown method based on a modified Thunderbolt-to-Ethernet
adapter. Source: http://www.h-online.com/security/news/item/EFI-rootkit-for-Macs-demonstrated-1655108.html

34. July 30, BBC News – (International) Ubisoft rush to fix security hole exposed by
plug-in. Games maker Ubisoft was forced to release an emergency patch to
fix a security hole discovered in its Uplay application. A Web browser add-on
reportedly left users open to outside attackers gaining control of their
computer. The Uplay software is bundled with major titles like Assassin’s
Creed. The flaw was discovered by a Google employee. It was found that any
Web site could force users with the plug-in to open any program on their PC. To
demonstrate this, one security researcher created a Web site proving the
exploit’s existence. When a person visited the Web site, the calculator program
would launch. While the calculator is harmless, experts warned the technique
could be used to launch a potentially malicious program. Source: http://www.bbc.co.uk/news/technology-19053453

35. July 30, Infosecurity – (International) New Morto worm variant emerges with file
infection capability. A new variant of the Morto worm added a file
infection capability to the malware’s arsenal of weapons, warned a Microsoft
researcher. The original Morto worm was able to compromise remote desktop
protocol (RDP) connections by exploiting weak administrator passwords, but the
new strain has added file infection capability to its repertoire, noted the
researcher with the Microsoft Malware Protection Center. He explained that the
new Morto variant “infects .EXE files found on fixed and removable drives as well
as on default RDP and Administrative shares, but avoids infecting files that
contain strings like ‘windows’, ‘winnt’, ‘qq’, ‘Outlook’, ‘System Volume
Information’ or ‘RECYCLER’ in their path. Morto also leaves an infection
marker, ‘PPIF’ in infected files.” Source: http://www.infosecurity-magazine.com/view/27277/
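A defender-side sweep for the infection marker and path exclusions quoted above, as an added example that is not part of the report or of Microsoft's own tooling; it assumes the marker may appear anywhere in the file (the report does not say where it is written) and runs over a constructed sample tree:

```python
import tempfile
from pathlib import Path

# Infection marker and skipped path strings as quoted from the Microsoft researcher.
MORTO_MARKER = b"PPIF"
MORTO_SKIPPED_PATHS = ("windows", "winnt", "qq", "Outlook",
                       "System Volume Information", "RECYCLER")


def has_morto_marker(data: bytes) -> bool:
    # Assumption: the report does not say where the marker is written, so all bytes are searched.
    return MORTO_MARKER in data


def worm_would_skip(rel_path) -> bool:
    # The variant reportedly avoids these substrings in a file's path (case-sensitive, as quoted).
    return any(s in str(rel_path) for s in MORTO_SKIPPED_PATHS)


def scan_tree(root, chunk_size: int = 1 << 20) -> list:
    """Return sorted (path, note) pairs for every .EXE under root carrying the marker."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".exe":
            continue
        tail = b""
        with open(path, "rb") as fh:
            while buf := fh.read(chunk_size):
                # Prepend the last 3 bytes of the previous chunk so a marker that
                # straddles a chunk boundary is still detected.
                if has_morto_marker(tail + buf):
                    note = ("marker in a path Morto reportedly skips: possible other strain"
                            if worm_would_skip(path.relative_to(root)) else "marker found")
                    hits.append((str(path), note))
                    break
                tail = buf[-(len(MORTO_MARKER) - 1):]
    return sorted(hits)


def demo(chunk_size: int = 1 << 20) -> list:
    # Constructed sample tree (inert bytes, not real malware) to exercise the sweep.
    root = Path(tempfile.mkdtemp())
    (root / "tools").mkdir()
    (root / "windows").mkdir()
    (root / "tools" / "app.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"PPIF")
    (root / "tools" / "clean.exe").write_bytes(b"MZ" + b"\x00" * 64)
    (root / "tools" / "notes.txt").write_bytes(b"PPIF")  # not an .EXE, so ignored
    (root / "windows" / "svc.EXE").write_bytes(b"MZPPIF")
    return scan_tree(root, chunk_size)
```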

36. July 28, CNET – (International) Tools boast easy cracking of Microsoft crypto
for businesses. A cryptography specialist released tools at the Def Con
conference July 28 for easily cracking passwords in wireless and virtual
private networks that use a popular encryption protocol based on an algorithm
from Microsoft called MS-CHAPv2. The tools crack WPA2 (Wi-Fi Protected Access)
and VPN passwords used by corporations and organizations running networks
protected by the PPTP (Point-to-Point Tunneling Protocol), which uses MS-CHAPv2
for authentication. ChapCrack captures the MS-CHAPv2 handshakes, or SSL (Secure
Sockets Layer) negotiation communications, and converts them to a token that can
be submitted to CloudCracker. It takes less than a day for the service to
return results in the form of another token that is plugged back into ChapCrack
where the DES (Data Encryption Standard) keys are cracked. With that data,
someone can see all of the information traveling across the Wi-Fi network,
including sensitive corporate emails and passwords, and use passwords that were
revealed to log in to corporate networks. The tools are designed for
penetration testers and network auditors to use to check the security of their
WPA2 protected networks and VPNs, but they could also be used by people who
want to steal data and get unauthorized access to networks. Source: http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-of-microsoft-crypto-for-businesses/

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", pen name R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"